The following registry entries are created to run NSYS32. This branch is not ahead of the upstream Lopi:master. Microsoft has issued patches for the vulnerabilities exploited by this worm. W32/Agobot-S copies itself to network shares with weak passwords and attempts to spread to computers using the DCOM RPC and the RPC locator vulnerabilities. There was a problem preparing your codespace, please try again. W32/Agobot-S is an IRC backdoor Trojan and network worm. If nothing happens, download Xcode and try again. W32/Agobot-SU runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels. If nothing happens, download GitHub Desktop and try again. A compiler is all that is necessary to build a copy of Agobot, which itself is rather large for a worm. The large set of files could be decompressed and reviewed by anyone taking the time to find it. ![]() W32/Agobot-SU spreads to other network computers by exploiting common buffer overflow vulnerabilites, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (MS03-049) (CAN-2003-0812) and MSSQL (MS02-039) (CAN-2002-0649) and by copying itself to network shares protected by weak passwords. The source code for Agobot was released (allegedly by the author) to the public by way of Internet postings and it spread quickly. W32/Agobot-SU is a worm and IRC backdoor Trojan for the Windows platform.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |